DETAILED ACTION
Claim Rejections - 35 USC §101 

1. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or
composition of matter, or any new and useful improvement thereof, may obtain a patent 
therefor, subject to the conditions and requirements of this title. 

2. Claims 27 - 39 and 82 - 94 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. Based on paragraphs 37, 40 and 42 
of Applicant's disclosure, it appears that said claims may be embodied solely in software. 



Claim Rejections - 35 USC §102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for 
patent or (2) a patent granted on an application for patent by another filed in the United 
States before the invention by the applicant for patent, except that an international 
application filed under the treaty defined in section 351(a) shall have the effects for 
purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was published under Article 
21(2) of such treaty in the English language. 

4. Claims 1, 10, 14, 23, 27, 36, 82 and 91 are rejected under 35 U.S.C. 102(e) as
being anticipated by Khanolkar et al. (US 7,127,743 B1).

5. Regarding claim 1, Khanolkar shows in a computer system comprising a plurality of 
nodes interconnected for communication via a network, a method including acts of: 

(A) capturing, in a data structure (col. 5 line 65 - col. 6 line 22), a notification
provided by a node on the network, the notification comprising at least a portion of a
transmission by the node, the transmission describing a network event (col. 2 lines 10 - 67,
col. 3 lines 57 - 65, col. 4 lines 15 - 30);

(B) identifying a data element within the notification (col. 6 lines 2 - 8, col. 7 lines 1
- 3);

(C) updating an index, based on the data element, with an indication of a location 
within the data structure where the data element is recorded (col. 2 lines 63 - 67, col. 4 
lines 50 - 55, col. 7 lines 1 - 13). 

6. Regarding claim 14, Khanolkar shows at least one computer-readable medium 
encoded with instructions which, when executed by a computer, perform a method in a 
computer system comprising a plurality of nodes interconnected for communication via a 
network, a method including acts of: 

(A) capturing, in a data structure (col. 5 line 65 - col. 6 line 22), a notification 
provided by a node on the network, the notification comprising at least a portion of a 
transmission by the node, the transmission describing a network event (col. 2 lines 10 - 67, 
col. 3 lines 57 - 65, col. 4 lines 15 -30); 

(B) identifying a data element within the notification (col. 6 lines 2 - 8, col. 7 lines 1
- 3);

(C) updating an index, based on the data element, with an indication of a location 
within the data structure where the data element is recorded (col. 2 lines 63 - 67, col. 4 
lines 50 - 55, col. 7 lines 1 - 13). 

7. Regarding claim 27, Khanolkar shows a system for monitoring activity occurring in a 
computer system comprising a plurality of nodes interconnected for communication via a 
network, the system comprising: 

a capture controller, said capture controller capturing, in a data structure (col. 5 line 
65 - col. 6 line 22), a notification provided by a node on the network, the notification 
comprising at least a portion of a transmission by the node, the transmission describing a 
network event (col. 2 lines 10 - 67, col. 3 lines 57 - 65, col. 4 lines 15 - 30);

an identification controller, said identification controller identifying a data element
within the notification (col. 6 lines 2 - 8, col. 7 lines 1 - 3);

an update controller, said update controller updating an index, based on the data 
element, with an indication of a location within the data structure where the data element is 
recorded (col. 2 lines 63 - 67, col. 4 lines 50 - 55, col. 7 lines 1 - 13). 

8. Regarding claim 82, Khanolkar shows a system for monitoring activity occurring in a
computer system comprising a plurality of nodes interconnected for communication via a 
network, the system comprising: 

means for capturing, in a data structure, a notification provided by a node on the 
network, the notification comprising at least a portion of a transmission by the node, the 
transmission describing a network event (col. 2 lines 10 - 67, col. 3 lines 57 - 65, col. 4 
lines 15 -30); 

means for identifying a data element within the notification (col. 6 lines 2-8, col. 7 
lines 1 - 3); 

means for updating an index, based on the data element, with an indication of a 
location within the data structure where the data element is recorded (col. 2 lines 63 - 67, 
col. 4 lines 50 - 55, col. 7 lines 1 - 13). 

9. Regarding claims 10, 23, 36 and 91, Khanolkar further shows wherein the 
transmission comprises at least one of a SYSLOG message, an SNMP message, a NetFlow 
message and a TCP packet (Khanolkar, col. 2 line 40 and col. 5 lines 10 - 50). 

Claim Rejections - 35 USC §103 

10. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a person having 
ordinary skill in the art to which said subject matter pertains. Patentability shall not be
negatived by the manner in which the invention was made. 

11. Claims 2, 3, 5, 6, 15, 16, 18, 19, 28, 29, 31, 32, 83, 84, 86 and 87 are rejected
under 35 U.S.C. 103(a) as being unpatentable over Khanolkar in view of Martenson (US
6,219,708 B1).

12. Regarding claims 2, 15, 28 and 83, Khanolkar shows claims 1, 14, 27 and 82.

Khanolkar does not explicitly show storing the data structure in a non-volatile
storage.

Martenson shows storing the data structure in a non-volatile storage (col. 6 lines 43
- 55).

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the disclosure of Khanolkar with that of Martenson in order to ensure 
that the data formulated, filtered and processed by the method of Khanolkar is archived for 
future use on a common and well-understood storage mechanism. 

13. Regarding claims 3, 16, 29 and 84, Khanolkar in view of Martenson further show 
storing the data structure in a file system in the non-volatile storage (Martenson, col. 6 lines 
43 - 55). 

14. Regarding claims 5, 18, 31 and 86, Khanolkar in view of Martenson further show an 
act comprising classifying the notification based on the data element, and wherein the act 
(A) further comprises storing the data structure in the file system based on the classification 
(Khanolkar, col. 6 lines 22 - 23, col. 6 line 65 - col. 7 line 3). 

15. Regarding claims 6, 19, 32 and 87, Khanolkar in view of Martenson further show 
wherein the data element comprises an IP address of the node (Khanolkar, col. 7 lines 1 - 
13, col. 4 lines 50 - 55). 

16. Claims 4, 17, 30 and 85 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Khanolkar in view of Martenson as applied to claims 3, 16, 29 and 84 above, and further in
view of Richard et al. (US 2005/0015461 A1), hereafter Richard.

Khanolkar in view of Martenson show claims 3, 16, 29 and 84.

Khanolkar in view of Martenson do not explicitly show the file system is a hierarchical
file system.

Richard shows where the file system is a hierarchical file system ([111]). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the disclosure of Khanolkar in view of Martenson with that of Richard in 
order to utilize a common type of file system (Richard, [111]). 

17. Claims 7, 20, 33 and 88 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Khanolkar further in view of Microsoft Computer Dictionary, 5th Edition.

18. Regarding claims 7, 20, 33 and 88, Khanolkar shows claim 1. 
Khanolkar does not explicitly show where the data structure is a file. 
Microsoft Computer Dictionary shows files (pgs. 2 - 3). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the disclosure of Khanolkar with that of Microsoft Computer Dictionary 
in order to utilize common ideas in computing environments. 

19. Claims 8, 9, 21, 22, 34, 35, 89 and 90 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Khanolkar in view of Martenson as applied to claims 2, 15, 28 and 83 
above further in view of Microsoft Computer Dictionary, 5th Edition.

20. Regarding claims 8, 21, 34 and 89, Khanolkar in view of Martenson show claims 2, 
15, 28 and 83. 

Khanolkar in view of Martenson do not explicitly show an act of compressing the data 
structure. 

Microsoft Computer Dictionary shows compression of files, such as data structures 
(pgs. 2 - 3 and 4 - 5).

It would have been obvious to one of ordinary skill in the art at the time of the
invention to modify the disclosure of Khanolkar and Martenson with that of Microsoft 
Computer Dictionary in order to utilize common ideas in computing environments, as well as 
to optimize the storage size of the data structure. 

Khanolkar in view of Martenson and Microsoft Computer Dictionary thus show claims 
8, 21, 34 and 89. 

21. Regarding claims 9, 22, 35 and 90, Khanolkar in view of Martenson and Microsoft 
Computer Dictionary further show an act of creating a digital signature for the data structure
(Microsoft Computer Dictionary, pgs. 2-3 and 6). 

22. Claims 11, 12, 13, 24, 25, 26, 37, 38, 39, 92, 93 and 94 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Khanolkar in view of Special Edition Using Java 2 
Enterprise Edition, hereafter Wutka. 

23. Regarding claims 11, 24, 37 and 92, Khanolkar shows claims 1, 14, 27, 82, as well 
as using a relational database (col. 4 lines 10 - 30). 

Khanolkar does not show (D) accessing the index to determine, based on the 
indication, the location of the data element within the data structure; and (E) accessing the 
data element at the location. 

Wutka shows (D) accessing the index to determine, based on the indication, the 
location of the data element within the data structure; and (E) accessing the data element 
at the location (pgs. 2 - 4). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the disclosure of Khanolkar with that of Wutka in order to utilize 
standard development practices for working with relational databases.

24. Regarding claims 12, 25, 38 and 93, Khanolkar in view of Wutka further show
creating a summary based at least in part on a presence of the data element within the 
notification (Wutka, pgs. 2-4, Khanolkar col. 2 lines 63 - 67 and col. 4 lines 50 - 55). 

25. Regarding claims 13, 26, 39 and 94, Khanolkar in view of Wutka further show 
accessing the summary to determine the presence of the data element within the data 
structure (Wutka pgs. 2- 4). 



Conclusion 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to John M. Macllwinen whose telephone number is
(571) 272-9686. The examiner can normally be reached on M-F 7:30AM - 5:00PM EST; off
alternate Fridays.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Caldwell can be reached on (571) 272-3868. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published
applications may be obtained from either Private PAIR or Public PAIR. Status information
for unpublished applications is available through Private PAIR only. For more information
about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on
access to the Private PAIR system, contact the Electronic Business Center (EBC) at
866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service
Representative or access to the automated information system, call 800-786-9199 (IN USA
OR CANADA) or 571-272-1000.

/Andrew Caldwell/
Supervisory Patent Examiner, Art Unit 2142

John Macllwinen
(571) 272-9686



